Improve Middleware registration

Author: adrenth

Plugin.php

@@ -5,8 +5,7 @@
 namespace Vdlp\BasicAuthentication;
 
 use Backend\Helpers\Backend as BackendHelper;
-use Illuminate\Routing\Router;
-use October\Rain\Foundation\Application;
+use Illuminate\Contracts\Http\Kernel;
 use System\Classes\PluginBase;
 use Vdlp\BasicAuthentication\Console\CreateCredentialsCommand;
 use Vdlp\BasicAuthentication\Http\Middleware\BasicAuthenticationMiddleware;
@@ -24,29 +23,25 @@ public function pluginDetails(): array
         ];
     }
 
-    public function register(): void
-    {
-        $this->app->register(BasicAuthenticationServiceProvider::class);
-
-        $this->registerConsoleCommand(CreateCredentialsCommand::class, CreateCredentialsCommand::class);
-    }
-
     public function boot(): void
     {
-        /** @var Application $application */
-        $application = $this->app;
-
         if (
             (bool) config('basicauthentication.enabled', false) === false
-            || $application->runningInConsole()
-            || $application->runningUnitTests()
+            || $this->app->runningInConsole()
+            || $this->app->runningUnitTests()
         ) {
             return;
         }
 
-        /** @var Router $router */
-        $router = $application->make(Router::class);
-        $router->pushMiddlewareToGroup('web', BasicAuthenticationMiddleware::class);
+        $this->app[Kernel::class]
+            ->pushMiddleware(BasicAuthenticationMiddleware::class);
+    }
+
+    public function register(): void
+    {
+        $this->app->register(BasicAuthenticationServiceProvider::class);
+
+        $this->registerConsoleCommand(CreateCredentialsCommand::class, CreateCredentialsCommand::class);
     }
 
     public function registerPermissions(): array

http/middleware/BasicAuthenticationMiddleware.php

@@ -6,36 +6,22 @@
 
 use Closure;
 use Illuminate\Contracts\Hashing\Hasher;
-use Illuminate\Contracts\Session\Session;
 use Illuminate\Contracts\Translation\Translator;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Support\Str;
-use InvalidArgumentException;
-use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
+use Throwable;
 use Vdlp\BasicAuthentication\Models\Credential;
 
 final class BasicAuthenticationMiddleware
 {
-    private Session $session;
-    private Translator $translator;
-    private Hasher $hasher;
-
-    public function __construct(Session $session, Translator $translator, Hasher $hasher)
-    {
-        $this->session = $session;
-        $this->translator = $translator;
-        $this->hasher = $hasher;
+    public function __construct(
+        private Translator $translator,
+        private Hasher $hasher,
+    ) {
     }
 
-    /**
-     * @return mixed
-     *
-     * @throws SuspiciousOperationException
-     * @throws InvalidArgumentException
-     */
-    public function handle(Request $request, Closure $next)
+    public function handle(Request $request, Closure $next): mixed
     {
         if ($this->isIpAddressWhitelisted((string) $request->ip())) {
             return $next($request);
@@ -47,7 +33,7 @@ public function handle(Request $request, Closure $next)
                 ->where('hostname', $request->getHost())
                 ->where('is_enabled', true)
                 ->firstOrFail(['hostname', 'username', 'password', 'realm', 'whitelist']);
-        } catch (ModelNotFoundException $exception) {
+        } catch (Throwable) {
             // @ignoreException
             return $next($request);
         }
@@ -59,13 +45,6 @@ public function handle(Request $request, Closure $next)
             return $next($request);
         }
 
-        $sessionKey = str_slug(str_replace('.', '_', $credential->hostname) . '_basic_authentication');
-
-        // Session is authorized.
-        if ($this->session->has($sessionKey)) {
-            return $next($request);
-        }
-
         $needsRehash = $this->hasher->needsRehash($credential->password);
 
         // Validate credentials.
@@ -80,8 +59,6 @@ public function handle(Request $request, Closure $next)
                 return $this->getUnauthorizedResponse($credential);
             }
 
-            $this->session->put($sessionKey, $request->getUser());
-
             return $next($request);
         }